SSL_Support
This is rough documentation on how to add SSL support to your Varnish+Turpentine site using either Pound or Nginx. It hasn't been thoroughly tested, but I did not find any notable problems with it on my dev site.
Caveats:
- Requires Magento CE version >= 1.6.2.0 (or the equivalent version of Magento EE)
- Using HTTPS in the unsecure base URL will not work: Magento will get stuck in a redirect loop because of an issue (see https://www.varnish-cache.org/trac/ticket/1333). At least, the fix for it is not available for Varnish 3.
Example config:
    TimeOut 3600
    ListenHTTPS
        Address <Varnish listener IP>
        Port 443
        Cert "<path to your SSL cert .pem>"
        xHTTP 2
        RewriteLocation 1
        Ciphers "RC4:!SSLv2:!ADH:!aNULL:!eNULL:!NULL:!LOW:!EXP"
        AddHeader "Ssl-Offloaded: 1"
    End
    Service
        BackEnd
            Address <Varnish listener IP>
            Port <Varnish listener port, probably 80 or 8080>
        End
    End
The important lines are the Ciphers "RC4:!SSLv2:!ADH:!aNULL:!eNULL:!NULL:!LOW:!EXP" line, which disables SSLv2 and some weak ciphers for PCI compliance, and the AddHeader "Ssl-Offloaded: 1" line, which will add a header to let Magento know that this request is secure even though Magento will see it as a plain HTTP request.
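An added example, not part of the original page or the Turpentine project: a small Python check that reads a Pound ListenHTTPS block and reports on the two directives the paragraph above calls important. Pound hands the Ciphers string to OpenSSL, where RC4 is the only selector in this list that adds suites (the "!" entries only remove), and RFC 7465 has since prohibited RC4 in TLS. The function names, certificate path and sample text are constructed for illustration.

```python
import re

# Constructed sample: the ListenHTTPS block from the example config, made-up cert path.
POUND_CFG = '''
ListenHTTPS
    Port 443
    Cert "/etc/pound/example.pem"
    Ciphers "RC4:!SSLv2:!ADH:!aNULL:!eNULL:!NULL:!LOW:!EXP"
    AddHeader "Ssl-Offloaded: 1"
End
'''

def listener_directives(cfg, block="ListenHTTPS"):
    """Collect {directive: [values]} from the first `block` ... End section."""
    found, inside = {}, False
    for line in (raw.strip() for raw in cfg.splitlines()):
        if not line or line.startswith("#"):
            continue
        if not inside:
            inside = (line == block)
        elif line == "End":
            break
        else:
            name, value = (line.split(None, 1) + [""])[:2]
            found.setdefault(name, []).append(value.strip().strip('"'))
    return found

def split_cipher_list(spec):
    """Split an OpenSSL cipher list into selectors that add and that remove suites."""
    added, removed = [], []
    for token in filter(None, re.split(r"[:, ]+", spec)):
        if token[0] in "!-":
            removed.append(token[1:])
        elif token[0] not in "+@":      # '+' and '@' only reorder the list
            added.append(token)
    return added, removed

def audit(cfg):
    """Return findings for the Ciphers and AddHeader directives of the listener."""
    conf, findings = listener_directives(cfg), []
    for spec in conf.get("Ciphers", []):
        added, _ = split_cipher_list(spec)
        rc4 = [s for s in added if "RC4" in s.upper()]
        if rc4:
            scope = "only" if rc4 == added else "also"
            findings.append(f"Ciphers {scope} adds RC4 suites (RFC 7465 prohibits RC4 in TLS)")
    names = [h.split(":", 1)[0].strip().lower() for h in conf.get("AddHeader", [])]
    if "ssl-offloaded" not in names:
        findings.append("AddHeader Ssl-Offloaded missing: Magento sees plain HTTP")
    return findings
```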
See issue #35
Add to either Magento's .htaccess file or your VirtualHost:

    SetEnvIf Ssl-Offloaded 1 HTTPS=on
Under System > Configuration > Web > Secure, change the Offloader header value to HTTP_SSL_OFFLOADED (from the default SSL_OFFLOADED) and make sure the Base URL has https for the protocol, then save.
And you're done! It should just work. Note that Varnish will cache the HTTP and HTTPS pages separately. This could be changed but I'm not sure it's a good idea.
This issue has useful information from @ADDISON74 and may be useful depending on your approach and environment.